Ubiquiti employee jailed for staging ransomware attack on own company
Nickolas Sharp, 37, has been sentenced to six years in prison.
Sharp pleaded guilty before a federal court in New York and admitted extorting his former employer Ubiquiti of nearly $2 million as well as subsequent actions that led the company to lose much more.
In December 2020, Sharp downloaded gigabytes of sensitive data from Ubiquiti for a job interview with another employer. To conceal his activities, he doctored the log retention policies, damaging them in the process. ‘Sharp modified session file names to attempt to make it appear as if other coworkers were responsible for his malicious sessions,’ the FBI stated.
In 2021. Sharp posed as an anonymous hacker and sent a ransom note to Ubiquiti demanding 50BTC (around $1.9 million) for returning stolen data and pointing out the vulnerability in the system. All the while, Sharp himself was pretending to fix the glitch he’d created and presumably may have even directly or indirectly ‘liaised’ with his alter ego during the ransom negotiations.
US Department of Justice (DoJ) stated that when the FBI started investigating him, Sharp started to publish misleading news articles identifying himself as an anonymous whistle-blower about the company’s handling of the breach. The FBI implied that this resulted in the company losing around $4 billion from its market capitalisation as its share prices went down on the New York Stock Exchange.